<?
error_reporting(0);
$user_login=$_POST["user_login"];
$pass_login=$_POST["pass_login"];

if ($user_login=="" or $pass_login=="") {
?>
	<script type="text/javascript">
	alert("กรุณาป้อนอีเมล์และรหัสผ่าน");
	window.history.back();
	</script>
<?
}else{
	include "connect/connect_dsccmis.php";
	$sql="select userid,fullname,user_type from user where email='$user_login' and pwd='$pass_login' and active=1";
	//echo $sql;
	//mysql_query("set names utf8");
	$result=mysql_query($sql);
	$row=mysql_fetch_array($result);
	$user_type=$row["user_type"];
	$fullnme=$row["fullname"];
	$userid=$row["userid"];
	//echo "user_type=".$user_type;
	$num=mysql_num_rows($result);
	//echo "num=".$num;
	//mysql_close();
	if($num<=0) {
?>
		<script type="text/javascript">
		alert("อีเมล์หรือรหัสผ่านไม่ถูกต้อง");
		window.history.back();
		</script>

<?
	} else {
		session_start();
		$_SESSION["sess_userid"]=session_id();
		$_SESSION["sess_email"]=$user_login;
		$_SESSION["sess_user_type"]=$user_type;
		$_SESSION["sess_fullnme"]=$fullnme;
		$_SESSION["sess_sts"]=$sts;
		$_SESSION['start'] = time();
		$REMOTE_ADDR = $_SERVER['REMOTE_ADDR'];
		$tempY=date("Y");
		if($tempY<"2550"){
			$tempY=(int)$tempY+543;
		}
		$login_datetime= $tempY.date("-m-d-H:i");
		
		$sql="insert into user_login_log(userid,login_datetime,login_ip) values('$userid','$login_datetime','$REMOTE_ADDR')";
		mysql_query($sql);
		mysql_close();
?>
		<script type="text/javascript">
			window.location.href='index.php';
		</script>
<?
	}
}
?>